Yes, inbound is affected even though outbound transfers are suspended. The inbound is shaped to 39K. This is what totally confuses me. I thought with my script that only traffic leaving source ports 50000-51000 & 65437 should be shaped. But it is also shaping traffic entering my machine on the same ports.

.................

Is the inbound rate affected even if there are no outbound transfers? Is the speed actually being "limited" to a certain speed, or are you just noticing that the inbound/upload traffic is slower than it should be.

The reason I ask is because you're tagging all outbound ftp-data traffic (ports 50000:51000) and directing it to the class with 39kbps. If you have outbound/download transfers going, they may be using all the available outbound bandwidth for that class and causing outbound ACK packets (for the inbound/upload traffic) to queue and throttle the inbound speed.

Please don't flame me if I'm way off base...

Assumption:
- data connection is bi-directional. ie. the data connection is made on the specified PASV (server) ports (50000:51000) regardless of whether it's an upload or download.

Test:
- simply kill all downloads and see if the uploads are still affected.
- or you can tag outbound ACK packets and filter them into the faster class.

chris

>>>> Theory is.. You can only shape outbound traffic.
>>>> Inbound is via tcp windowshaping etc..
>>
>> In theory yes, but it is shaping inbound transfers to my server.
>>
>>>>>> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
>>>>>> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
>>>>>> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
>>
>>>> Why do you care about destination port?
>>>> AFAIK, it shouldn't affect your wants since you're not filtering on
>>>> incoming traffic
>>
>> I don't care about destination port. That line was commented. BUT,
>> incoming transfers are being shaped for some reason.
>>
>>>> Is this legal?? 10000mbps?? Wow.. 10000*1E6?
>>
>> I just did that to make sure lan traffic was not affected at all.
>>
>>
>> entire script for reference....
>> I am using the following script to limit my outbound traffic. This script
>> runs on a box behind my firewall. It limits my outbound passive ftp
>> traffic to 39K perfectly....just like i want. However, i just noticed that
>> it is also limiting uploads coming to my server.
>>
>> Is there something I can change to make it not limit uploads to my server?
>> #!/bin/bash
>> #shaping passive ftp traffic
>>
>> # mark the outbound passive ftp packets on ports 50000-51000
>> iptables -t mangle -D POSTROUTING -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
>> iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
>> iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
>>
>> iptables -t mangle -N MYSHAPER-OUT
>> iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
>>
>> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 65437 -j MARK --set-mark 20
>> iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 20
>> iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
>> # clear it
>> tc qdisc del dev eth0 root
>>
>> #add the root qdisc
>> tc qdisc add dev eth0 root handle 1: htb default 26
>>
>> #add main rate limit class
>> tc class add dev eth0 parent 1: classid 1:1 htb rate 10000mbps
>>
>> #add leaf classes
>> tc class add dev eth0 parent 1:1 classid 1:26 htb rate 10000mbps
>> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 39kbps
>>
>> #filter traffic into classes
>> tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
>> tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
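
The second test suggested in the message above (tag outbound ACK packets and send them to the faster class), written out as an added example that is not part of the original thread. It prints the replacement marking rules without applying them and models which mark a packet ends up with; the function names `emit_rules` and `classify`, the 64-byte cutoff for a data-less ACK, and the simplified model of the chain are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. Dry run: prints commands, changes nothing.
BULK=20; FAST=26        # marks for classes 1:20 (39kbps) and 1:26 in the posted script
ACK_MAX=64              # assumption: an ACK-only packet of <= 64 bytes carries no data
PORTS="65437 50000:51000"

# Print the MYSHAPER-OUT rules. MARK does not end chain traversal, so the last
# matching rule decides the mark: each ACK rule follows the port rule it overrides.
emit_rules() {
    local p
    for p in $PORTS; do
        echo "iptables -t mangle -A MYSHAPER-OUT -p tcp --sport $p -j MARK --set-mark $BULK"
        echo "iptables -t mangle -A MYSHAPER-OUT -p tcp --sport $p --tcp-flags ALL ACK -m length --length 0:$ACK_MAX -j MARK --set-mark $FAST"
    done
    echo "iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark $FAST"
}

# Simplified model of the chain for one outbound TCP packet.
# Args: source port, TCP flags that are set (comma-separated), IP length in bytes,
# and optionally 0 to model the rules exactly as posted (no ACK rule).
classify() {
    local sport=$1 flags=$2 len=$3 exempt=${4:-1} mark=0
    if [ "$sport" -eq 65437 ] || { [ "$sport" -ge 50000 ] && [ "$sport" -le 51000 ]; }; then
        mark=$BULK
        if [ "$exempt" -eq 1 ] && [ "$flags" = ACK ] && [ "$len" -le "$ACK_MAX" ]; then
            mark=$FAST
        fi
    fi
    if [ "$mark" -eq 0 ]; then mark=$FAST; fi
    echo "$mark"
}

emit_rules
# Constructed sample packets; results are printed as comments so the whole
# output stays a valid shell script.
echo "# ACK for an upload, rules as posted:   mark $(classify 50500 ACK 52 0)"
echo "# ACK for an upload, with the ACK rule: mark $(classify 50500 ACK 52)"
echo "# download data segment (1500 bytes):   mark $(classify 50500 ACK 1500)"
```

The printed iptables lines stand in for the three MARK rules of the posted script; the tc classes and fw filters stay as they are, since marks 20 and 26 already map to 1:20 and 1:26.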